The Australian police are advising people who use their computer for on-line banking to use a live CD and mention, amongst other distros, Puppy Linux. This has been widely reported recently.

Thing is, Puppy always runs as root and therefore could still be vulnerable to hidden downloaded executables that could read and subsequently re-transmit any sensitive data such as passwords that are resident in RAM during the on-line session.

In order to close down this possibility, it would be better to at least have the option of logging in to Puppy as a non-root user - even while running from live CD, so that rogue applications have no ability to install without appropriate authentication.

Would be a great step-up for Puppy to have this available from now on - maybe starting with the planned 4.4CE version.
_________________
Life is too short to spend it in front of a computer

Been there, done that. Built the Puppy, made a revision, wrote lots of documentation.... No t-shirt though Multiuser Puppy
It doesn't come with a limited user already installed though (well, there is spot, but he isn't configured any differently from in the standard Puppy, so you would probably prefer to create a limited user to use, who would then have a normal desktop). You have to boot once as root, add other users, remember to change your password, disable the autologin, and then reboot. The reason I did it that way is to make it transparent, so that the rest of us who like being root don't notice any change. That way it would be easier for a developer to slip this into an official Puppy without causing riots. People are free to remaster it into a version that has different defaults if they want a version that comes preset to be used with pfix=ram or whatever.

But the nice thing about MU's method rather than actually running completely as the user is that if only Seamonkey is spot, then if Seamonkey is compromised, it can only modify things spot can modify, which is nearly nothing outside of the /root/spot/ directory. On the other hand, if you were logged in as a limited user named tronkel, and just running Seamonkey normally (so that it was also running as tronkel), then if Seamonkey were compromised, it would be able to modify anything that tronkel can modify.

In a purely ram situation, where there is no preserved data at all, there isn't as big of a difference since tronkel wouldn't have much data around anyway, and still wouldn't be allowed to modify system files. But for an installation where data is preserved, tronkel will presumably have all his personal data stored owned or at least readable by the tronkel user, so that he can read it without jumping through hoops. In that case, being a limited user does not protect you at all from a privacy standpoint if your browser is compromised, since it has the same permissions you do.

So to be really paranoid you would want to run as a limited user, but then run your browser as a different (and even more limited) user. This could probably be done fairly painlessly with sudo so that you wouldn't have to input a password just to run the browser as user "browser", but could still have the browser user password protected from the other users (in case you have multiple people involved, or in case you want to isolate other applications too, like IRC or email, and don't want them to be able to read each other's data).
_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Tronkel's proposal is a really useful new capability for Puppy, and removes one minor shortcoming - security for traveller-users (compared to other distros).

"the option of logging in to Puppy as a non-root user - even while running from live CD, so that rogue applications have no ability to install without appropriate authentication.
Would be a great step-up for Puppy to have this available from now on - maybe starting with the planned 4.4CE version."

This capability will need to be a simple on/off toggle for the average Puppy user - implying some neat programming from you Linux-majors who know how to do that, and make a GUI.

Tronkel's description of purpose could be put in plain English, i.e.
"logging in to Puppy as a non-root user" could become
"use ultra-security" (or words to that effect). And perhaps it should default back to the root-user mode at logoff (fail-safe position for several reasons).

Attached is a dotpet that contains MU's seamonkeyspot script
plus a GUI executable. All the GUI does is to run the script. GUI was made using FLTK and C++

The pet makes a menu entry called "safemonkey secure browser"
This starts your seamonkey browser as user "spot" who has no access to system files. This should ensure that no malware can be installed without your knowledge, even running as a live cd.

Seems to work, apart from a profile problem that causes the seamonkey main window to corrupt slightly. It's an old Mozilla problem - not sure what the solution is yet.

Will test it further. Let me know what you find.

edit: see lower down the thread for an updated dotpet that includes exception handling that checks for the existence of seamonkeyspot script in /root

.... it is not a good idea to make / 777. If you do that, any limited user can rename the top level directories (they cannot actually delete them if there is any content within them that they don't have permission to change, but they can rename just fine).

You are better off running Seamonkey as root than doing that.

And anyway, you definitely should not need to make / 777 just to run seamonkey as spot. The problem must be something else.
_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
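An added example, not part of the thread: a shell check for the two permission points made in the posts above, namely that a browser running as spot can reach only what the mode bits leave open to other accounts, and that a world-writable directory such as a 777 / lets any user rename its entries. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. It reads mode bits only, so it shows
# what a second account such as spot could reach without switching user.

# True if DIR is writable by "other" with the sticky bit clear: the state
# "chmod 777 /" creates, where any user can rename the entries inside DIR.
renamable_by_anyone() {
    [ -n "$(find "$1" -prune -type d -perm -0002 ! -perm -1000 -print 2>/dev/null)" ]
}

# Print regular files under DIR that "other" can read. Directories without
# other-execute are pruned, because nothing below them is reachable by
# another account whatever the modes of the files inside.
# Assumption: every ancestor of DIR is traversable by others.
readable_by_others() {
    find "$1" -type d ! -perm -0001 -prune -o -type f -perm -0004 -print 2>/dev/null | sort
}

# Build a constructed sample tree (stand-in for a preserved home), print its path.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir "$t/home" "$t/home/private" "$t/open" "$t/tmpish"
    for f in home/notes.txt home/passwords.txt home/private/bank.txt; do
        echo data > "$t/$f"
    done
    chmod 644 "$t/home/notes.txt" "$t/home/private/bank.txt"
    chmod 600 "$t/home/passwords.txt"
    chmod 755 "$t/home"
    chmod 700 "$t/home/private"
    chmod 777 "$t/open"       # like "chmod 777 /"
    chmod 1777 "$t/tmpish"    # like /tmp: world-writable but sticky
    echo "$t"
}

sample=$(make_sample) || exit 1
for d in open tmpish home; do
    if renamable_by_anyone "$sample/$d"; then
        echo "UNSAFE  $d: any user can rename its entries"
    else
        echo "ok      $d"
    fi
done
echo "Files another account could read under home:"
readable_by_others "$sample/home"
rm -rf "$sample"
```

In the sample, bank.txt is mode 644 but is not listed, because its parent directory is 700: closing the directory to other accounts protects everything below it.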
